Final admin dashboard changes (#70)

* take in new officer terms in a single transaction

* (debug) add daily cron file for updating officer permissions

* add google module

* update github module & add email function

* add /auth/info endpoint

* add temp file for holding server secrets; todo: look into better methods?

* add /officers/my_info endpoint

* fix bug adding serializable dict function

* remove is_valid from database & upload subset of data through /officers/update_info endpoint

* add utils, clean discord module, and start update_info endpoint validation of input

* clean discord api & add checking for it in /update_info

* add function for getting current github permissions

* add function to update github permissions

* add invite endpoint & simplify implementation

* Add Google Drive API (#81)

* fix bugs, add support for using discord API in user login page

* get more discord users, in case of nickname collisions

* discord, github, and google drive API integration tests

* implement & refactor officer term

* get info about any user by computing_id

Author: EarthenSky

.gitignore

@@ -1,6 +1,10 @@
+# main
 src/run/
 logs/
 
+# google drive api
+google_key.json
+
 # Python - Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]

config/cron.sh

@@ -0,0 +1,6 @@
+# This script adds commands to the current crontab
+
+# run the daily script at 1am every morning
+# TODO: make sure timezone is PST
+crontab -l | { cat; echo "0 1 * * * /home/csss-site/csss-site-backend/src/cron/daily.py"; } | crontab -
+

config/export_secrets.sh

@@ -0,0 +1,10 @@
+# TODO: only fill out this file in production
+export GMAIL_USERNAME = "todo"
+export GMAIL_PASSWORD = "todo"
+export GOOGLE_DRIVE_TOKEN = "todo"
+export GITHUB_TOKEN = "todo"
+export DISCORD_TOKEN = "todo"
+
+export CSSS_GUILD_ID = "todo"
+export SFU_API_TOKEN = "todo"
+

requirements.txt

@@ -5,6 +5,7 @@ uvicorn[standard]==0.27.1
 sqlalchemy==2.0.27
 asyncpg==0.29.0
 alembic==1.13.1
+google-api-python-client==2.143.0
 
 # minor
 pyOpenSSL==24.0.0 # for generating cryptographically secure random numbers

src/admin/email.py

@@ -0,0 +1,25 @@
+import os
+import smtplib
+
+# TODO: set this up
+GMAIL_PASSWORD = os.environ.get("GMAIL_PASSWORD")
+GMAIL_ADDRESS = "[email protected]"
+GMAIL_USERNAME = ""
+
+# TODO: look into sending emails from an sfu maillist (this might be painful)
+def send_email(
+    recipient_address: str,
+    subject: str,
+    content: str,
+):
+    mail = smtplib.SMTP("smtp.gmail.com", 587)
+    mail.ehlo()
+    mail.starttls()
+    mail.login(GMAIL_ADDRESS, GMAIL_PASSWORD)
+
+    header = f"To: {recipient_address}\nFrom: {GMAIL_USERNAME}\nSubject: {subject}"
+    content = header + content
+
+    mail.sendmail(GMAIL_ADDRESS, recipient_address, content)
+    mail.quit()
+

src/alembic/versions/166f3772fce7_auth_officer_init.py

@@ -39,7 +39,6 @@ def upgrade() -> None:
         "officer_term",
         sa.Column("id", sa.Integer(), primary_key=True, autoincrement=True),
         sa.Column("computing_id", sa.String(length=32), sa.ForeignKey("site_user.computing_id"), nullable=False),
-        sa.Column("is_filled_in", sa.Boolean(), nullable=False),
         sa.Column("position", sa.String(length=128), nullable=False),
         sa.Column("start_date", sa.DateTime(), nullable=False),
         sa.Column("end_date", sa.DateTime(), nullable=True),
@@ -53,7 +52,6 @@ def upgrade() -> None:
     )
     op.create_table(
         "officer_info",
-        sa.Column("is_filled_in", sa.Boolean(), nullable=False),
         sa.Column("legal_name", sa.String(length=128), nullable=False),
         sa.Column("discord_id", sa.String(length=18), nullable=True),
         sa.Column("discord_name", sa.String(length=32), nullable=True),

src/auth/crud.py

@@ -7,7 +7,7 @@
 from sqlalchemy.ext.asyncio import AsyncSession
 
 
-async def create_user_session(db_session: AsyncSession, session_id: str, computing_id: str) -> None:
+async def create_user_session(db_session: AsyncSession, session_id: str, computing_id: str):
     """
     Updates the past user session if one exists, so no duplicate sessions can ever occur.
 
@@ -84,9 +84,35 @@ async def get_computing_id(db_session: AsyncSession, session_id: str) -> str | N
 
 
 # remove all out of date user sessions
-async def task_clean_expired_user_sessions(db_session: AsyncSession) -> None:
+async def task_clean_expired_user_sessions(db_session: AsyncSession):
     one_day_ago = datetime.now() - timedelta(days=0.5)
 
     query = sqlalchemy.delete(UserSession).where(UserSession.issue_time < one_day_ago)
     await db_session.execute(query)
     await db_session.commit()
+
+
+async def user_info(db_session: AsyncSession, session_id: str) -> None | dict:
+    query = (
+        sqlalchemy
+        .select(UserSession)
+        .where(UserSession.session_id == session_id)
+    )
+    user_session = await db_session.scalar(query)
+    if user_session is None:
+        return None
+
+    query = (
+        sqlalchemy
+        .select(SiteUser)
+        .where(SiteUser.computing_id == user_session.computing_id)
+    )
+    user = await db_session.scalar(query)
+    if user is None:
+        return None
+
+    return {
+        "computing_id": user_session.computing_id,
+        "first_logged_in": user.first_logged_in.isoformat(),
+        "last_logged_in": user.last_logged_in.isoformat()
+    }

src/auth/urls.py

@@ -74,6 +74,7 @@ async def login_user(
         return response
 
 
+# TODO: deprecate this when possible
 @router.get(
     "/check",
     description="Check if the current user is logged in based on session_id from cookies",
@@ -93,6 +94,28 @@ async def check_authentication(
     return JSONResponse(response_dict)
 
 
+@router.get(
+    "/info",
+    description="Get info about the current user. Only accessible by that user",
+)
+async def get_info(
+    request: Request,
+    db_session: database.DBSession,
+):
+    """
+    Currently this endpoint only returns the info stored in tables in the auth module.
+    """
+    session_id = request.cookies.get("session_id", None)
+    if session_id is None:
+        raise HTTPException(status_code=401, detail="User must be authenticated to get their info")
+
+    user_info = await crud.user_info(db_session, session_id)
+    if user_info is None:
+        raise HTTPException(status_code=401, detail="Could not find user with session_id, please log in")
+
+    return JSONResponse(user_info)
+
+
 @router.post(
     "/logout",
     description="Logs out the current user by invalidating the session_id cookie",

src/constants.py

@@ -1,8 +1,11 @@
 import os
 
 root_ip_address = "http://localhost:8080" if os.environ.get("LOCAL") == "true" else "https://api.sfucsss.org"
-guild_id = "1260652618875797504" if os.environ.get("LOCAL") == "true" else "228761314644852736"
-github_org_name = "CSSS-Test-Organization" if os.environ.get("LOCAL") == "true" else "CSSS"
+GITHUB_ORG_NAME = "CSSS-Test-Organization" if os.environ.get("LOCAL") == "true" else "CSSS"
+
+W3_GUILD_ID = "1260652618875797504"
+CSSS_GUILD_ID = "228761314644852736"
+ACTIVE_GUILD_ID = W3_GUILD_ID if os.environ.get("LOCAL") == "true" else CSSS_GUILD_ID
 
 SESSION_ID_LEN = 512
 # technically a max of 8 digits https://www.sfu.ca/computing/about/support/tips/sfu-userid.html

src/cron/daily.py

@@ -0,0 +1,69 @@
+"""This module gets called by cron every day"""
+
+import asyncio
+import logging
+
+import github
+import google_api
+import utils
+from database import _db_session
+from officers.crud import all_officer_terms, get_user_by_username, officer_terms
+
+_logger = logging.getLogger(__name__)
+
+async def update_google_permissions(db_session):
+    # TODO: implement this function
+    # google_permissions = google_api.all_permissions()
+    # one_year_ago = datetime.today() - timedelta(days=365)
+
+    # TODO: for performance, only include officers with recent end-date (1 yr)
+    # but measure performance first
+    for term in await all_officer_terms(db_session):
+        if utils.is_active(term):
+            # TODO: if google drive permission is not active, update them
+            pass
+        else:
+            # TODO: if google drive permissions are active, remove them
+            pass
+
+    _logger.info("updated google permissions")
+
+async def update_github_permissions(db_session):
+    github_permissions, team_id_map = github.all_permissions()
+
+    for term in await all_officer_terms(db_session):
+        new_teams = (
+            # move all active officers to their respective teams
+            github.officer_teams(term.position)
+            if utils.is_active(term)
+            # move all inactive officers to the past_officers github organization
+            else ["past_officers"]
+        )
+        if term.username not in github_permissions:
+            user = get_user_by_username(term.username)
+            github.invite_user(
+                user.id,
+                [team_id_map[team] for team in new_teams],
+            )
+        else:
+            github.set_user_teams(
+                term.username,
+                github_permissions[term.username].teams,
+                new_teams
+            )
+
+    _logger.info("updated github permissions")
+
+async def update_permissions():
+    db_session = _db_session()
+
+    update_google_permissions(db_session)
+    db_session.commit()
+    update_github_permissions(db_session)
+    db_session.commit()
+
+    _logger.info("all permissions updated")
+
+if __name__ == "__main__":
+    asyncio.run(update_permissions())
+

src/database.py

@@ -84,23 +84,25 @@ async def session(self) -> AsyncIterator[AsyncSession]:
 
 
 if os.environ.get("DB_PORT") is not None:
+    # using a remote (or docker) database
     db_port = os.environ.get("DB_PORT")
     SQLALCHEMY_DATABASE_URL = f"postgresql+asyncpg://localhost:{db_port}/main"
     SQLALCHEMY_TEST_DATABASE_URL = f"postgresql+asyncpg://localhost:{db_port}/test"
 else:
     SQLALCHEMY_DATABASE_URL = "postgresql+asyncpg:///main"
     SQLALCHEMY_TEST_DATABASE_URL = "postgresql+asyncpg:///test"
 
+
 # also TODO: make this nicer, using a class to hold state...
 # and use this in load_test_db for the test db as well?
 def setup_database():
     global sessionmanager
 
     # TODO: where is sys.stdout piped to? I want all these to go to a specific logs folder
-    if os.environ.get("LOCAL"):
-        sessionmanager = DatabaseSessionManager(SQLALCHEMY_TEST_DATABASE_URL, {"echo": True})
-    else:
-        sessionmanager = DatabaseSessionManager(SQLALCHEMY_DATABASE_URL, {"echo": True})
+    sessionmanager = DatabaseSessionManager(
+        SQLALCHEMY_TEST_DATABASE_URL if os.environ.get("LOCAL") else SQLALCHEMY_DATABASE_URL,
+        { "echo": True },
+    )
 
 @contextlib.asynccontextmanager
 async def lifespan(app: FastAPI):